REMARKS 

The Office Action dated February 6, 2008 has been received and carefully noted. 
The above amendments to the claims, and the following remarks, are submitted as a full 
and complete response thereto. 

Claims 1-18 have been amended to more particularly point out and distinctly claim 
the subject matter of the invention. Claims 19-20 have been added. No new matter has 
been added and no new issues are raised which require further consideration or search. 
Therefore, claims 1-20 are currently pending in the application and are respectfully 
submitted for consideration. 

The Office Action rejected claims 2, 8, 13, 17, and 18 under 35 U.S.C. §102(e) as 
allegedly anticipated by Norefors, et al. (U.S. Patent No. 6,370,380) ("Norefors"). The 
Office Action alleged that Norefors discloses or suggests every claim feature recited in 
claims 2, 8, 13, 17, and 18. The rejection is respectfully traversed for at least the 
following reasons. 

Claim 2 recites a method, which includes generating a token by a first access 
router to which a mobile node was previously attached, and sending the token from the 
first access router to the mobile node within a message comprising a list of candidate 
access routers. The method further includes sending the token from the mobile node to a 
second access router as selected candidate after a handover procedure between the first 
and second access routers, and sending the token within an exchange between the access 
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routers specific to a candidate access router discovery procedure from the second access 
router back to the first access router for verification. 

Claim 8 recites a system, which includes a first access router, a mobile node, and a 
second access router. The first access router includes a generating unit configured to 
generate a token, and a first sending unit configured to send the token to the mobile node 
within a message comprising a list of candidate access routers. The mobile node includes 
a second sending unit configured to send the token to the second access router as selected 
candidate after a handover procedure between the access routers. The second access 
router includes a third sending unit configured to send the token within an exchange 
between the access routers specific to a candidate access router discovery procedure back 
to the first access router and a verification unit configured to verify the token. 

Claim 13 recites an apparatus, which includes a generator configured to generate a 
token, and a first transmitter configured to send the token to the mobile node within a 
message comprising a list of candidate access routers. The apparatus further includes a 
second transmitter configured to send the token within an exchange with another access 
router specific to a candidate access router discovery procedure to the other access router, 
and a verifier configured to verify the token. 

Claim 17 recites a system, which includes a first access router, a mobile node, and 
a second access router. The first access router includes generating means for generating a 
token, and first sending means for sending the token to the mobile node within a message 
comprising a list of candidate access routers. The mobile node includes second sending 
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means for sending the token to the second access router as selected candidate after a 
handover procedure between the access routers. The second access router includes third 
sending means for sending the token within an exchange between the access routers 
specific to a candidate access router discovery procedure back to the first access router 
and verification means for verifying the token. 

Claim 18 recites an apparatus, which includes generating means for generating a 
token, and first sending means for sending the token to a mobile node within a message 
comprising a list of candidate access routers. The apparatus further includes second 
sending means for sending the token within an exchange with another access router 
specific to a candidate access router discovery procedure to the other access router, and 
verification means for verifying the token. 

Claim 19 recites a method, which includes generating a token by a first access 
router to which a mobile node was previously attached, and sending the token from the 
first access router to the mobile node within a message comprising a list of candidate 
access routers. The token is sent from the mobile node to a second access router as 
selected candidate after a handover procedure between the first and second access 
routers, and the token is sent within an exchange between the access routers specific to a 
candidate access router discovery procedure fi-om the second access router back to the 
first access router for verification. 
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Thus, according to embodiments of the invention, deniai-of-service attacks can be 
reduced while implementing a Candidate Access Router Discovery ("CARD") protocol. 
Specifically, according to embodiments of the invention, a smart cache replacement 
policy is employed to ensure that valid cache entries are given highest priority and that 
information gathered from locally connected mobile terminals is favored, which 
inherently diminishes the effect of a distributed denial-of-service attack. 

As will be discussed below, Norefors fails to disclose or suggest all of the 
elements of the claims, and therefore fails to provide the advantages and features 
discussed above. 

Norefors generally discloses, in a mobile, wireless telecommunication network, a 
method for achieving secure handover of a mobile terminal from a first access point to a 
second access point, wherein the first access point and the second access point are 
physically connected through a fixed network. Norefors generally discloses that this is 
accomplished by transmitting a security token from the first access point to the mobile 
terminal, and then from the mobile terminal to the second access point, over the radio 
interface, (see Norefors at Abstract). 

Applicants respectfully submit that Norefors fails to disclose, teach, or suggest, all 
of the elements of the present claims. For example, Norefors fails to disclose, teach, or 
suggest, at least, an access router , as recited in claims 2, 8, 13, 17, 18, and 19. 
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Because Norefors fails to disclose, teach, or suggest, at least, an access router, for 
reasons which will be discussed below, Norefors fails to disclose, teach, or suggest, the 
following limitations: 

• "generating a token by a first access router to which the mobile node was 
previously attached" (claims 2 and 19); 

• "sending the token fi-om the first access router to the mobile node within a 
message comprising a list of candidate access routers " (claims 2 and 19); 

• "sending the token from the mobile node to a second access router as selected 
candidate after a handover procedure between the first and second access 
routers " (claims 2 and 19); 

• "sending the token within an exchange between the access routers specific to 
the discovery procedure firom the second access router back to the first access 
router for verification" (claims 2 and 19); 

• "a first access router " (claims 9 and 1 7); 

• "said mobile node and a second access router :" (claims 9 and 17); 

• "wherein, the first access router includes a generating unit configured to 
generate a token, first sending unit configured to send the token to the mobile 
node within a message comprising a list of candidate access routers :" (claims 9 
and 17); 
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• "wherein the mobile node includes second sending unit configured to send the 
token to the second access router as selected candidate after a handover 
procedure between the access routers '' (claims 9 and 17); 

• "wherein the second access router includes a third sending unit configured to 
send the token within an exchange between the access routers specific to the 
discovery procedure back to the first access router and a verification unit 
configured to verify the token" (claims 9 and 17) 

• "an access router for validating information of a mobile node in a mobile 
internet protocol" (claims 13 and 18); 

• "a first sending unit configured to send the token to the mobile node within a 
message comprising a list of candidate access routers " (claims 13 and 18); and 

• "a second sending unit configured to send the token within an exchange with 
another access router specific to the discovery procedure to the other access 
router" (claims 13 and 18). 

In the Response to Arguments section, the Office Action addressed some of 
Applicants' arguments fi-om Applicant's Response, previously filed on November 7, 
2007 (herein "Previous Response"), and maintained its position that Norefors discloses 
all the elements of independent claims 2, 9, 13, and 17-18. However, it appears that the 
Office Action failed to address Applicants' argument that the limitation "access router," 
as recited in claims 2, 8, 13, and 17-19, does not read on the access points disclosed in 
Norefors. 
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Norefors discloses a wireless network which includes a number of fixed radio 
stations which Norefors identifies as "base stations" or "access points." (see Norefors at 
col. 1, lines 10-18). Norefors further discloses that an access point communicates with 
one or more mobile terminals over a wireless interface, which is illustrated in Figure 1 
where APi communicates with mobile terminal MT over a cell CI, and further 
communicates with a fixed network 105. (see Norefors at col. 1, lines 19-21; Figure 1). 
The Office Action takes the position that the claimed limitation "access router," as recited 
in claims 2, 8, 13, and 17-19, reads on such an access point. Applicants respectfully 
submit that this is not a reasonable interpretation of the limitation "access router," given 
the knowledge of one of ordinary skill in the art, and Applicants' disclosure. 

Applicants respectfully submit that one of ordinary skill in the art would recognize 
that an access point provides a portal for a mobile terminal to access a fixed network, 
such as a local area network (LAN), through a wireless interface. In contrast, an access 
router provides connectivity between a first computer and a second computer, a computer 
and a network, a first network and a second network, a network and the Intemet via an 
Intemet Service Provider, etc. Thus, one of ordinary skill in the art would recognize that 
an access point and an access router perform two different functions, and that an access 
point can not be used to perform the function of an access router, and visa-versa. 

Furthermore, Applicant's disclosure clearly defines the term "access router," and 
clearly identifies that an "access router" has a separate and distinct meaning from "access 
point." Specifically, the specification of the present application discloses the following: 
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The term 'access router' should be understood to include computer- 
implemented devices that route packets, such as IP packets, to addresses in 
a network based on routing information. However, it should be understood 
that access routers are distinct from base stations/access points, w hich may 
rely on different transmission schemes to transmit information (e.g. GSM 
or CDMA). One or more base stations could be associated with a single 
access routen as shown in FIG. 1. Alternatively, more than one access 
router could be associated with a single base station , (see Specification at 
paragraph 0059). 

As the Federal Circuit has said on many occasions, 'the specification aids in 
ascertaining the scope and meaning of the language employed in the claims inasmuch as 
words must be used in the same way in both the claims and the specification." (see 
United States v. Telectronics, Inc., 857 F.2d 778, 8 USPQ2d 1217, 1220 (Fed. Cir. 
1988)). Thus, the Office Action's interpretation of the term "access router" is 
unreasonable, as it contradicts both the plain meaning of the term, and Applicants' 
definition of the term, as disclosed in the specification of the present application. 
Furthermore, because Norefors fails to disclose, or suggest, an "access router," as recited 
in claims 2, 8, 13, and 17-19, Norefors fails to disclose, or suggest, at least, all the 
limitations which use the phrase "access router," as discussed above. 

Therefore, for at least the reasons discussed above, Norefors fails to disclose, 
teach, or suggest, all of the elements of claims 2, 8, 13, and 17-19. Additionally, 
Applicants' additional arguments from its Previous Response are herein incorporated by 
reference. For the reasons stated above, Applicants respectfully request that this rejection 
be withdrawn. 
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The Office Action rejected claims 1, 3-5, 7, 9, 10, 12, and 14-16 under 35 U.S.C. 
§ 103(a) as being allegedly unpatentable as obvious over Frid, et al. (U.S. Patent No. 
6,137,791) ("Frid") in view of Norefors. The Office Action took the position that Frid 
discloses all the elements of the claims with the exception of "maintaining, by each of a 
plurality of access routers within the mobile IP environment, a cache of neighboring 
access routers as candidates and their associated points," with respect to claims 1 and 7; 
and "a router comprising a cache of neighboring access routers as candidates and their 
associated access points," as recited in claim 12. The Office Action then cited Norefors 
as allegedly curing the deficiencies of Frid. (see Office Action at pages 10-12). The 
rejection is respectfully traversed for at least the following reasons. 

Claim 1, upon which claims 3-6 and 20 are dependent, recites a method, which 
includes maintaining, by each of a plurality of access routers within a mobile internet 
protocol environment, a cache of neighboring access routers as candidates and their 
associated access points, and populating each cache with cache entries in response to 
actions initiated by mobile nodes. Each cache entry is tagged with an identity of an 
action initiating mobile node, which identity is based on information that is verifiable by 
the access routers and which cannot be modified arbitrarily by the mobile node. A total 
number of entries that can be tagged and thus introduced into a cache by any given node 
is limited. 

Claim 7, upon which claims 9-1 1 are dependent, recites a system, which includes a 
plurality of access routers within a mobile internet protocol environment, each router 
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configured to maintain a cache of neighboring access routers as candidates and their 
associated access points, and a plurality of mobile nodes which are capable of populating 
the caches in response to actions initiated. The cache is configured such that each cache 
entry is tagged with an identity of the action initiating mobile node having thus created 
the entry, and that a total number of entries that can be tagged and thus introduced into 
the cache by any given node is limited. 

Claim 12, upon which claims 14-16 are dependent, recites an apparatus, which 
includes a cache of neighboring access routers as candidates and their associated access 
points. The cache is configured such that each cache entry is tagged with an identity of a 
mobile node having initiated the entry creation, and that the total number of entries that 
can be tagged and thus introduced into the cache by any given node is limited. 

The advantages of embodiments of the invention, as discussed above, are 
incorporated herein. 

As will be discussed below, the combination of Frid and Norefors fails to disclose 
or suggest all of the elements of the claims, and therefore fails to provide the advantages 
and features discussed above. 

The discussion of Norefors is incorporated herein. Frid generally discloses a 
roaming mechanism enabling a mobile station to roam between a first data packet 
network utilizing a Mobile IP Method (MIM) and a second data packet network utilizing 
a Personal Digital Cellular Mobility Method (PMM) is disclosed. In Frid, a foreign agent 
is introduced into the PMM network for enabling a mobile station associated with the 
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MIM network and currently roaming within the PMM network to communicate packet 
data with an associated home agent. A home agent is further introduced into the PMM 
network for enabUng a mobile station associated with the PMM network and currently 
roaming within the MIM network to communicate packet data with an associated foreign 
agent or Mobile IP Client Emulator (MICE) currently serving the roaming mobile station, 
(see Frid at Abstract). 

Applicants respectfully submit that Frid and Norefors, whether considered 
individually or in combination, fail to disclose, teach, or suggest, all of the elements of 
the present claims. For example, Norefors fails to disclose, teach, or suggest, at least, an 
access router, as recited in claims 2, 8, 13, 17, 18, and 19. 

Because Norefors fails to disclose, teach, or suggest, at least, an access router , for 
reasons which have been discussed above, and will be reemphasized below, Norefors 
fails to disclose, teach, or suggest, the following limitations: "maintaining, by each of a 
plurality of access routers within a mobile intemet protocol environment, a cache of 
neighboring access routers as candidates and their associated access points," as recited in 
claim 1; "a plurality of access routers within a mobile intemet protocol environment, each 
router configured to maintain a cache of neighboring access routers as candidates and 
their associated access points," as recited in claim 7; and "a cache of neighboring access 
routers as candidates and their associated access points," as recited in claim 12. 

As the Office Action correctly realizes, Frid fails to disclose, teach, or suggest at 
least "maintaining, by each of a plurality of access routers within a mobile intemet 
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protocol environment, a cache of neighboring access routers as candidates and their 
associated access points," as recited in claim 1; "a plurality of access routers within a 
mobile intemet protocol environment, each router configured to maintain a cache of 
neighboring access routers as candidates and their associated access points," as recited in 
claim 7; and "a cache of neighboring access routers as candidates and their associated 
access points," as recited in claim 12, (see Office Action at pages 10-12). 

Instead, Frid discloses a plurality of base stations which provide radio coverage 
over a plurality of geographic areas, where a particular base station connects to an 
associated visited mobile switching center for routing and processing communicated data 
(see Frid at col. 4, lines 14-18). Frid further discloses that whenever a particular mobile 
station travels into a particular geographic area, a base station serving that geographic 
area transmits identification data informing the mobile station of the current location, and 
that based on said identification data, the mobile station registers with a new visited 
mobile switching center (see Frid at col. 4, lines 28-36). However, Frid fails to disclose 
associated visited mobile switching centers that have associated base stations with 
overlapping coverage areas. In contrast, according to embodiments of the present 
invention, two access routers are considered neighbors if the access routers have 
associated base stations with overlapping coverage areas (see Specification at paragraph 
0009). 

Furthermore, Norefors does not cure the deficiencies of Frid. As described above, 
Norefors fails to disclose, teach, or suggest, an "access router" as recited in the present 
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claims, because Norefors discloses base stations, or access points, which are distinct from 
"access routers." Thus, for similar reasons why Norefors fails to disclose, teach, or 
suggest "access router" in claims 2, 8, 13, and 17-19, as discussed above, Norefors fails 
to disclose, teach, or suggest "neighboring access routers" as recited in claims 1, 7, and 
12. 

Therefore, for at least the reasons discussed above, the combination of Frid and 
Norefors fails to disclose, teach, or suggest, all of the elements of claims 1, 7, and 12. 
For the reasons stated above, Applicants respectfully request that this rejection be 
withdrawn. 

Claims 3-5, 9-10, 14-16, and 20 are dependent upon claims 1, 7, and 12, 
respectively. Accordingly, claims 3-5, 9-10, 14-16, and 20 should be allowed for at least 
their dependence upon claims 1, 7, and 12, and for the specific limitations recited therein. 

Although the status of claims 6 and 1 1 were not indicated in the Office Action, a 
call to the Examiner was made, and it was confirmed that claims 6 and 1 1 would be 
allowable if rewritten to include all of the limitations of the base claims and any 
intervening claims. Applicants further assert that claims 6 and 1 1 have not been amended 
to rewrite the claims in independent form including all of the limitations of the base 
claims and any intervening claims, because Applicants have addressed the formal 
rejections to the independent claims, which claims 6 and 11 depends from, above. 
Accordingly, it is respectfully requested that claims 6 and 1 1 be allowed. 
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For at least the reasons discussed above, Applicants respectfully submit that the 
cited prior art references fails to disclose or suggest all of the elements of the claimed 
invention. These distinctions are more than sufficient to render the claimed invention 
unanticipated and unobvious. It is therefore respectfully requested that all of claims 1-20 
be allowed, and this application passed to issue. 

If for any reason the Examiner determines that the application is not now in 
condition for allowance, it is respectfully requested that the Examiner contact, by 
telephone, the applicants' undersigned representative at the indicated telephone number to 
arrange for an interview to expedite the disposition of this application. 
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In the event this paper is not being timely filed, the applicants respectfully petition 
for an appropriate extension of time. Any fees for such an extension together with any 
additional fees may be charged to Counsel's Deposit Account 50-2222. 



Customer No. 32294 

SQUIRE, SANDERS & DEMPSEY LLP 
14™ Floor 

8000 Towers Crescent Drive 
Tysons Comer, Virginia 22182-2700 
Telephone: 703-720-7800 
Fax: 703-720-7802 

KMM:dlh 

Enclosures: Request for Continued Examination (RCE) Transmittal 
Additional Claim Fee Transmittal 
Check No. 018497 



Respectfully submitted, 




Douglas H. (gjaldhush 
Registration No. 33,125 



-27- 



ApplicationNo.: 10/785,407 



